1. Field of the Invention
This invention relates to an authentication and session key generation system and, more particularly, to a method and apparatus for authenticating a first entity to a second entity and for generating a session key for communications between the entities.
2. Description of the Related Art
Often it is desirable to generate a short-lived session key for communications between two entities such as a client application and a server application in a client/server system. The session key should be generated in such a manner that it cannot be discovered by a third party, even though the key generation protocol is performed over a insecure communication channel subject to interception by that third party.
The Diffie-Hellman key agreement protocol provides a procedure, using asymmetric encryption techniques, for establishing a secret session key between two parties, even though they share no secret information at the outset and communicate entirely over public channels. (Asymmetric, or public key, procedures are those in which the communicating parties use mathematically related but different keys, for example, a public encryption key and a private decryption key that cannot be feasibly derived from the public key. Symmetric encryption techniques such as DES, on the other hand, use the same key for both encryption and decryption) The procedure is described at page 649 of W. Diffie and M. E. Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, vol. IT-22, no. 6, November 1976, pp. 644-654, and in U.S. Pat. No. 4,200,770, both of which are incorporated herein by reference. However, the base Diffie-Hellman procedure provides no inherent authentication, so that party A, believing that he has established a session key with party B, may have in fact established a key with party C, who is masquerading as party B. In addition, since the Diffie-Hellman key agreement protocol is an asymmetric procedure, it is computationally expensive relative to such symmetric procedures as DES encryption.
Various other systems, including enhancements of the Diffie-Hellman procedure, provide for both authentication and session key generation. Such systems are described, for example, in the commonly owned copending application of S. M. Matyas et al., Ser. No. 08/736,774, filed Oct. 25, 1996, entitled "Method and Apparatus for Establishing an Authenticated Shared Secret Value Between a Pair of Users", as well as in E. Basturk et al., "Efficient Methods for Two Party Entity Authentication and Key Exchange in a High Speed Environment", IBM Technical Disclosure Bulletin, vol. 38, no. 3, March. 1995, pp. 295-297, both of which are incorporated herein by reference. However, such systems often require multiple communications between entities, and systems using public key techniques retain the disadvantage of requiring computationally expensive operations. What is desired is a simpler and more efficient technique that combines authentication with session key generation.